On Tue, 08 Mar 2011 23:35:03 -0800, erikmccaskey64 <erikmccaske...@zoho.com> wrote:
>
> It's a normal desktop machine's iptables firewall:
>
> If I want to block udp on dport 80 on the output chain, then is this enough?
> I want to only allow tcp on it!
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT
>
> Only allowed outgoing traffic is on the $PUBIF interface for tcp and udp port 80. On all other interfaces all outgoing traffic is blocked.
>
> Or do I need this rule?
>
> iptables -P OUTPUT DROP
> iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT
>
> Only allowed outgoing traffic is on the $PUBIF interface for tcp port 80. On all other interfaces all outgoing traffic is blocked.

I may be mistaken, but such hard rules could cause serious problems. I think that even DNS name resolution would not work anymore (you cannot send out DNS queries). Essentially you could only browse websites on port 80 using IP numbers instead of server names.

-- 
Virgo Pärna
virgo.pa...@mail.ee

Archive: http://lists.debian.org/slrninehqp.q6s.virgo.pa...@dragon.gaiasoft.ee
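The reply above points out that a DROP default policy on OUTPUT with only tcp/80 accepted also drops outgoing DNS queries. The script below is an added example, not code posted in this thread, showing one way to write that OUTPUT chain so that DNS and reply traffic still pass while udp/80 is dropped. The interface name eth0, the iptables binary name and the DRY_RUN wrapper are assumptions made here; by default the script only prints the iptables commands so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original thread): an OUTPUT chain with a DROP
# default policy that still allows DNS resolution and reply traffic.
# PUBIF, IPT and the allowed ports are assumptions; DRY_RUN=1 (the default)
# prints the iptables commands instead of executing them.
set -eu

IPT="${IPT:-iptables}"
PUBIF="${PUBIF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

# Print or execute one iptables command depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s %s\n' "$IPT" "$*"
    else
        "$IPT" "$@"
    fi
}

# Emit the complete OUTPUT rule set. Order matters: iptables stops at the
# first matching rule, and anything unmatched hits the DROP policy.
build_output_rules() {
    # Start from an empty chain so re-running does not duplicate rules.
    ipt -F OUTPUT
    ipt -P OUTPUT DROP
    # Local processes talking to each other (resolver cache, X, databases) use lo.
    ipt -A OUTPUT -o lo -j ACCEPT
    # Replies to connections already accepted on INPUT (an SSH session into this
    # box, for example) are outbound packets too; without this line they die.
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DNS: queries go out on udp/53 and fall back to tcp/53 for large answers.
    ipt -A OUTPUT -o "$PUBIF" -p udp --dport 53 -j ACCEPT
    ipt -A OUTPUT -o "$PUBIF" -p tcp --dport 53 -j ACCEPT
    # Only TCP to port 80. UDP to port 80 matches nothing and is dropped.
    ipt -A OUTPUT -o "$PUBIF" -p tcp --dport 80 -j ACCEPT
}

# Count generated rules containing a literal fragment, e.g. "-p udp --dport 80".
# Always evaluates the rule set in dry-run mode, so it never touches the kernel.
count_rules() {
    ( DRY_RUN=1; build_output_rules ) | grep -cF -- "$1" || true
}

# Usage: sh firewall.sh        -> print the rules for review
#        sh firewall.sh apply  -> load them (needs root)
if [ "${1:-}" = "apply" ]; then
    DRY_RUN=0
    build_output_rules
else
    build_output_rules
fi
```

Two caveats when using something like this: the ESTABLISHED,RELATED rule is what keeps replies to inbound sessions working, so leave it in even if the INPUT chain is wide open, and the DNS rules assume the resolver in /etc/resolv.conf is reached through $PUBIF on port 53; a local caching resolver on lo is covered by the loopback rule instead.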